manualshive.com logo in svg

Versitron SG71660M, Руководство пользователя

Поделиться
Скачать
Versitron SG71660M Скачать руководство пользователя страница 69

63 

4-2-8. 802.1X 

802.1x port-based network access control provides a method to restrict users to access network 

resources via authenticating user’s information. This restricts users from gaining access to the network 
resources through a 802.1x-enabled port without authentication. If a user wishes to touch the network 
through a port under 802.1x control, he (she) must firstly input his (her) account name for authentication 
and waits for gaining authorization before sending or receiving any packets from a 802.1x-enabled port. 

Before the devices or end stations can access the network resources through the ports under 

802.1x control, the devices or end stations connected to a controlled port send the authentication request 
to the authenticator, the authenticator passes the request to the authentication server to authenticate and 
verify, and the server tells the authenticator if the request receives the grant of authorization for the ports.  

According to IEEE802.1x, there are three components implemented. They are Authenticator, 

Supplicant and Authentication server shown in Fig. 4-13. 

Supplicant:  

It is an entity being authenticated by an authenticator. It is used to communicate with the 
Authenticator PAE (Port Access Entity) by exchanging the authentication message when the 
Authenticator PAE requests it. 

Authenticator:  

An entity facilitates the authentication of the supplicant entity. It controls the state of the port, 
authorized or unauthorized, according to the result of authentication message exchanged 
between it and a supplicant PAE. The authenticator may request the supplicant to re-
authenticate itself at a configured time period. Once it starts re-authenticating the supplicant, 
the controlled port keeps in the authorized state until re-authentication fails. 

A port acting as an authenticator is thought to be two logical ports, a controlled port and an 
uncontrolled port. A controlled port can only pass the packets when the authenticator PAE is 
authorized, and otherwise, an uncontrolled port will unconditionally pass the packets with PAE 
group MAC address, which has the value of 01-80-c2-00-00-03 and will not be forwarded by 
MAC bridge, at any time. 

Authentication server: 

 A device provides authentication service, through EAP, to an authenticator by using 
authentication credentials supplied by the supplicant to determine if the supplicant is 
authorized to access the network resource. 

The overview of operation flow for the Fig. 4-13 is quite simple. When Supplicant PAE issues a 
request to Authenticator PAE, Authenticator and Supplicant exchanges authentication 
message. Then, Authenticator passes the request to a RADIUS server to verify. Finally, the 
RADIUS server replies if the request is granted or denied. 

While in the authentication process, the message packets, encapsulated by Extensible 
Authentication Protocol over LAN (EAPOL), are exchanged between an authenticator PAE and 
a supplicant PAE. The Authenticator exchanges the message to authentication server using 
EAP encapsulation. Before successfully authenticating, the supplicant can only touch the 
authenticator to perform authentication message exchange or access the network from the 
uncontrolled port. 

Содержание SG71660M

Страница 1: ...SG71660M Web Smart 10 100 1000 16 Port Ethernet Switch with SFP support User s Manual September 2007 VERSITRON Inc 83 Albe Drive Suite C Newark DE 19702 www versitron com...

Страница 2: ...ower surges accident improper installation neglect alteration improper maintenance or other causes which are not normal and customary application of the products and for which they were not intended N...

Страница 3: ...lded interface cables and AC power cord if any must be used in order to comply with the emission limits CISPRACOMPLIANCE Thisdevice complies with EMC directiveoftheEuropean Communityand meets or excee...

Страница 4: ...4 2 1 4 IP Address Assignment 16 2 2 Typical Applications 21 3 Basic Concept and Management 23 3 1 What s the Ethernet 23 3 2 Media Access Control MAC 26 3 3 Flow Control 32 3 4 How does a switch work...

Страница 5: ...estart 87 4 4 2 Factory Default 88 4 4 3 Software Upgrade 89 4 4 4 Configuration File Transfer 90 4 4 5 Logout 91 5 Maintenance 92 5 1 Resolving No Link Condition 92 5 2 Q A 92 Appendix A Technical Sp...

Страница 6: ...Statement This equipment has been tested and found to comply with the limits for a class A computing device pursuant to Subpart J of part 15 of FCC Rules which are designed to provide reasonable prote...

Страница 7: ...management options and detailed explanation about hardware and software functions Overview of this user s manual Chapter 1 Introduction describes the features of 16 Port Gigabit Web Smart Switch Chap...

Страница 8: ...transceiver 1000Mbps LC 10km SFP Fiber transceiver 1000Mbps LC 30km SFP Fiber transceiver 1000Mbps LC 50km SFP Fiber transceiver 1000Mbps BiDi 20km 1550nm SFP Fiber WDM transceiver 1000Mbps BiDi 20km...

Страница 9: ...0 1000Mbps Auto negotiation Gigabit Ethernet TP ports 4 10 100 1000Mbps TP or 1000Mbps SFP Fiber dual media auto sense 400KB on chip frame buffer Jumbo frame support Programmable classifier for QoS La...

Страница 10: ...ent while monitored events happened Supports default configuration which can be restored to overwrite the current configuration which is working on via Web UI and Reset button of the switch Supports o...

Страница 11: ...lay area located on the left side of the panel contains a Power LED which indicates the power status and 16 ports working status of the switch Fig 1 1 Full View of 16 PORT GbE Web Smart Switch Fig 1 2...

Страница 12: ...Mbps Green Amber Lit Green when TP link on 1000Mbps speed Lit Amber when TP link on 100Mbps speed Off when 10Mbps or no link occur Blinks when any traffic is present 1000SX LX Gigabit Fiber Port 13 14...

Страница 13: ...ow 1000Mbps LC MM SFP Fiber transceiver 1000Mbps LC SM 10km SFP Fiber transceiver 1000Mbps LC SM 30km SFP Fiber transceiver 1000Mbps LC SM 50km SFP Fiber transceiver 1000Mbps LC SM 70km SFP Fiber tran...

Страница 14: ...source Installing Optional SFP Fiber Transceivers to the 16 Port GbE Web Smart Switch Note If you have no modules please skip this section Connecting the SFP Module to the Chassis The optional SFP mod...

Страница 15: ...h supports 100 240 VAC 50 60 Hz power supply The power supply will automatically convert the local AC power source to DC power It does not matter whether there is any connection plugged into the switc...

Страница 16: ...d BIDI Gigabit Fiber with multi mode LC SFP module Gigabit Fiber with single mode LC SFP module Gigabit Fiber with BiDi 1310nm SFP module Gigabit Fiber with BiDi 1550nm SFP module The following table...

Страница 17: ...10 m TP to fiber Converter 56 Bit Time unit 1ns 1sec 1000 Mega bit Bit Time unit 0 01 s 1sec 100 Mega bit Table 2 2 Sum up all elements bit time delay and the overall bit time delay of wires devices...

Страница 18: ...itch supports both port based VLAN and tag based VLAN They are different in practical deployment especially in physical location The following diagram shows how it works and what the differences are C...

Страница 19: ...N3 members but they can access VLAN4 members 3 VLAN3 members cannot access VLAN1 VLAN2 and VLAN4 4 VLAN4 members cannot access VLAN1 and VLAN3 members but they can access VLAN2 members Case3a The same...

Страница 20: ...f web the user is allowed to start up the switch management function Users can use any one of them to monitor and configure the switch You can touch them through the following procedures Section 2 1 3...

Страница 21: ...a physical path between the configured switch and a PC by a qualified UTP Cat 5 cable with RJ 45 connector Note If the PC directly connects to the switch you have to setup the same subnet mask between...

Страница 22: ...asses or categories Each class has its own network range between the network identifier and host identifier in the 32 bits address Each IP address comprises two parts network identifier address and ho...

Страница 23: ...0 0 0 8 is reserved for loopback function 0 Class B IP address range between 128 0 0 0 and 191 255 255 255 Each class B network has a 16 bit network prefix followed 16 bit host address There are 16 3...

Страница 24: ...B network 128 1 2 3 it may have a subnet mask 255 255 0 0 in default in which the first two bytes is with all 1s This means more than 60 thousand nodes in flat IP addresses will be at the same network...

Страница 25: ...4 256 254 23 512 510 22 1024 1022 21 2048 2046 20 4096 4094 19 8192 8190 18 16384 16382 17 32768 32766 16 65536 65534 Table 2 3 According to the scheme above a subnet mask 255 255 255 0 will partition...

Страница 26: ...efault router Basically it is a routing policy For assigning an IP address to the switch you just have to check what the IP address of the network will be connected with the switch Use the same networ...

Страница 27: ...efer to Appendix A The switch is suitable for the following applications Central Site Remote site application is used in carrier or ISP See Fig 2 10 Peer to peer application is used in two remote offi...

Страница 28: ...22 Fig 2 12 Office Network Connection Fig 2 11 Peer to peer Network Connection...

Страница 29: ...8 Gigabit Ethernet was rolled out and provided 1000Mbps Now 10G s Ethernet is being developed Although these Ethernet have different speeds they still use the same basic functions So they are compatib...

Страница 30: ...lay entity Logical link control supports the interface between the Ethernet MAC and upper layers in the protocol stack usually the Network layer which is nothing to do with the nature of the LAN So it...

Страница 31: ...nse The DSAP and SSAP pair with some reserved values indicates some well known services listed in the table below 0xAAAA SNAP 0xE0E0 Novell IPX 0xF0F0 NetBios 0xFEFE IOS network layer PDU 0xFFFF Novel...

Страница 32: ...g and locally unique address Since this type of address is applied only to the Ethernet LAN media access control MAC they are referred to as MAC addresses The first three bytes are Organizational Uniq...

Страница 33: ...broadcast which means all network device except the sender itself can receive the frame and response Ethernet Frame Format There are two major forms of Ethernet frame type encapsulation and length en...

Страница 34: ...ion and Netware 802 3 RAW encapsulation Each of them has different fields following the Length field If the Length Type value is greater than 1500 it means the Length Type acts as Type Different type...

Страница 35: ...ings summarize what a MAC does before transmitting a frame 1 MAC will assemble the frame First the preamble and Start of Frame delimiter will be put in the fields of PRE and SFD followed DA SA tag ID...

Страница 36: ...o most distant devices This maximum time is traded off by the collision recovery time and the diameter of the LAN In the original 802 3 specification Ethernet operates in half duplex only Under this c...

Страница 37: ...both transmitting and receiving frames are processed simultaneously This doubles the total bandwidth Full duplex is much easier than half duplex because it does not involve media contention collision...

Страница 38: ...on the medium at that time the device will wait for a period of time known as an inter frame gap time to have the medium clear and stabilized as well as to have the jobs ready such as adjusting buffe...

Страница 39: ...ewhere or an interface malfunctioned in the LAN When detecting the case the MAC drops the packet and goes back to the ready state 2 If the DA of the received frame exactly matches the physical address...

Страница 40: ...finds a reserved special value 0x8100 at the location of the Length Type field of the normal non VLAN frame it will interpret the received frame as a tagged VLAN frame If this happens in a switch the...

Страница 41: ...transmit data to the station s attached in the LAN When more than one station transmits data within the same slot time the signals will collide referred to as collision The arbitrator will arbitrate...

Страница 42: ...in full duplex mode the distance can reach farther than half duplex because it is not limited by the maximum propagation delay time 512 bits time If fiber media is applied the distance can be up to te...

Страница 43: ...es not exist have the packet broadcasted Due to the size of the MAC address MAC address aging function is applied When the MAC address has resided and keeps no update in the table for a long time this...

Страница 44: ...upport different schedule algorithms Most common schedulers are FCFS First Come First Service Strictly Priority All High before Low Weighted Round Robin WRR Set a weight figure to the packet with a pr...

Страница 45: ...n outside the LAN a router is needed which always lies on the edge of the LAN For a layer 2 VLAN it assumes it is a logical subset of a physical LAN separated by specific rules such as tag port MAC ad...

Страница 46: ...rs This helps us configure the network easily according to the criteria needed for example financial accounting R D and whatever you think it necessary You can also easily move a user to a different l...

Страница 47: ...a tag field following the source MAC address is four bytes long and contains VLAN protocol ID and tag control information composed of user priority Canonical Format Indicator CFI and optional VLAN ide...

Страница 48: ...port is called PVID Each port can only be assigned a PVID The default value for PVID is 1 the same as VID Ingress filtering The process to check a received packet and compare its VID to the VLAN memb...

Страница 49: ...the mode how to learn MAC address For a specified VLAN it will use an independent filtering database FID to learn or look up the membership information of the VLAN and decide where to go Shared VLAN...

Страница 50: ...ports belong to which VLAN first Assuming a 24 port switch is applied Name VID Port Members Marketing 2 1 2 3 4 5 Service 3 6 7 20 21 22 Sales 4 8 9 10 11 12 13 14 15 16 Administration 1 17 18 19 23 2...

Страница 51: ...ed by the limitation of hardware performance may not be feasible If item 2 is the case extra costs are avoided and the network can be flexible according to the demand of bandwidth because all equipmen...

Страница 52: ...ation and station to station Here station may be a host or a router Link Aggregation called port trunking sometimes has two types of link configuration including static port trunk and dynamic port tru...

Страница 53: ...ss 192 168 1 1 Subnet Mask 255 255 255 0 Default Gateway 192 168 1 254 Password admin Table 4 1 When the configuration of your Web Smart Switch is finished you can browse it by the IP address you set...

Страница 54: ...ts default values and shows you the basic information of the switch including Switch Status TP Port Status Fiber Port Status Aggregation VLAN Mirror SNMP and Maximum Packet Length With this informatio...

Страница 55: ...you insert Vice versa if ports are disconnected they will show just in black On the left side the main menu tree for web is listed in the page According to the function name in boldface all functions...

Страница 56: ...guration VLAN Group Configuration Aggregation LACP RSTP 802 1X IGMP Snooping Mirror QoS Filter Rate Limit Storm Control and SNMP System Configuration Ports Configuration VLAN Mode Configuration VLAN G...

Страница 57: ...ime left Set device name DHCP enable fallback IP address fallback subnet mask fallback gateway management VLAN password and inactivity timeout Parameter description System Description The simple descr...

Страница 58: ...2 168 1 1 Fallback Subnet Mask Subnet mask is made for the purpose of creating network addresses because any IP device in a network must have its own IP address composed of Network address and Host ad...

Страница 59: ...defined path it must be forwarded to a default router on a default path This means any packet with an undefined IP address in the routing table will be sent to this device unconditionally Default 192...

Страница 60: ...TP the Speed Duplex is comprised of the combination of speed mode 10 100 1000Mbps and duplex mode full duplex and half duplex The following table summarizes the function the media supports Media type...

Страница 61: ...Port 1 2 3 4 If you are on the port 1 you can communicate with port 2 3 4 If you are on the port 5 then you cannot talk to them Each port based VLAN you built up must be assigned a group name This swi...

Страница 62: ...parately When you choose one of VLAN mode the switch will bring you the responded VLAN configuration which keeps the default data You can easily create and delete a VLAN group by pressing Add and Dele...

Страница 63: ...up Create a new port based VLAN or tag based VLAN which depends on the VLAN mode you choose in VLAN mode function Fig 4 8 Add or Remove VLAN Member Delete Group Just tick the check box beside the ID t...

Страница 64: ...58 Fig 4 9 Port Based VLAN Configuration...

Страница 65: ...description Normal Set up the ports that do not join any aggregation trunking group Group 1 8 Group the ports you choose together Up to 12 ports can be selected for each group Fig 4 10 Aggregation Tr...

Страница 66: ...60 Key Value It s key for an aggregation This must be an integer value between 1 and 255 or auto select by switch Fig 4 11 LACP Port Configuration...

Страница 67: ...dress will then become the root switch Select a vale from the drop down list box The lower the numeric value you assign the higher the priority for this system Default 32768 Hello Time This is the tim...

Страница 68: ...on Path Cost Path cost is the cost of transmitting a frame on to a LAN through that port It is assigned according to the speed of the bridge The slower the media the higher the cost user can select au...

Страница 69: ...ion message exchanged between it and a supplicant PAE The authenticator may request the supplicant to re authenticate itself at a configured time period Once it starts re authenticating the supplicant...

Страница 70: ...the traffic is bi directional Fig 4 14 The Fig 4 15 shows the procedure of 802 1x authentication There are steps for the login based on 802 1x port access control management The protocol used in the...

Страница 71: ...r 802 1x control is in the authorized state The supplicant and other devices connected to this port can access the network If the authenticator receives a Radius Access Reject it will send an EAP Fail...

Страница 72: ...th the length 1 15 characters The character string may contain upper case lower case and 0 9 It is character sensitive It is not allowed for putting a blank between any two characters Default None Adm...

Страница 73: ...ticator counters backend Authenticator counters dot1x MIB counters and Other statistics Press the Refresh button will fresh the screen and see the newer counters Fig 4 17 802 1X Statistics Function na...

Страница 74: ...entication Period 1 65535 s A non zero number seconds between the periodic re authentication of the supplicant Default 3600 EAP timeout 1 255 s A timeout condition in the exchange between the authenti...

Страница 75: ...ble Router Ports Just tick the check box beside the port x to enable router ports then press the Apply button to start up Default none Unregistered IGMP Flooding enabled Just tick the check box to ena...

Страница 76: ...we assume that Port A and Port B are Source Ports and Port C is Mirror Port respectively thus the traffic passing through Port A and Port B will be copied to Port C for monitor purpose Parameter descr...

Страница 77: ...nction description Five kinds of default values The user can select custom or all low priority or all normal priority or all medium priority or all high priority for QoS default value Function name 80...

Страница 78: ...s abbreviated DSCP and the last two bits are left unused DSCP can form a total of 64 0 63 kinds of Traffic Class based on the arrangement of 6 bit field in the DSCP of the IP packet In the switch user...

Страница 79: ...abled Disabled Allow all IP Addresses to login to the switch and manage it Static Just allow the IP Addresses that are set by the administrator to login to this switch and manage it DHCP Allow the IP...

Страница 80: ...e field Pause frames are also generated if flow control is enabled The format of the packet limits to unicast broadcast and multicast Valid value of Port 1 16 ranges from 128 3968 kbps Default No Limi...

Страница 81: ...m capability the User can use the drop down menu to select number of frames Default is No Limit The setting range is 1k 1024k per second Broadcast Rate To enable the Broadcast Storm capability the Use...

Страница 82: ...ss the authentication by identifying both community names then it can access the MIB information of the target device So both parties must have the same community name Once completing the setting clic...

Страница 83: ...77 Fig 4 27 SNMP Configuration...

Страница 84: ...r will be reset and restart counting Function name Statistics Overview Function description Display the summary counting of each port s traffic including Tx Bytes Tx Frames Rx Bytes Rx Frames Tx Error...

Страница 85: ...s Rx High Priority Packets Number of Rx packets classified as high priority Rx Low Priority Packets Number of Rx packets classified as low priority Rx Broadcast Show the counting number of the receive...

Страница 86: ...11 Bytes Number of 256 511 byte frames in good and bad packets received Rx 512 1023 Bytes Number of 512 1023 byte frames in good and bad packets received Rx 1024 Bytes Number of 1024 max_length byte f...

Страница 87: ...tomax_length register with invalid CRC Rx Drops Frames dropped due to the lack of receiving buffer Tx Collisions Number of collisions transmitting frames experienced Tx Drops Number of frames dropped...

Страница 88: ...w can show LACP information and status for all ports in the same time Parameter description LACP Aggregation Overview Show the group port status Default will set to red sign for port link down user ca...

Страница 89: ...nterval specified by root bridge used to request all other bridges periodically sending hello message every hello time seconds to the bridge attached to its designated port Max Age Show the root bridg...

Страница 90: ...dentifies the groups associated with the query and determines to which groups it belongs The host then sets a timer with a value less than the Max Response Time field in the query for each group to wh...

Страница 91: ...Time Out in secs Use drop down menu to set number of echo requests time out in second Four type numbers can choose there are 1 5 10 and 20 Default 1 NOTE All the functions should press Apply button to...

Страница 92: ...86 4 4 Maintenance There are five functions contained in the maintenance function Warm Restart Factory Default Maintenance Software Upgrade Configuration File Transfer Logout...

Страница 93: ...tings After upgrading software you have to reboot the device in order for the new configuration to take effect The function being discussed here is software reset Function name Warm Restart Function d...

Страница 94: ...IP address setting all settings will be restored to the factory default values when Factory Default function is performed If you want to restore all configurations including the IP address setting to...

Страница 95: ...4 4 3 Software Upgrade Function name Software Upgrade Function description You can just click Browse button to retrieve the file you want in your system to upgrade your switch Fig 4 36 Software Upgra...

Страница 96: ...nction description You can backup your switch s configuration file into your computer folder in case an accident happens In addition uploading the backup configuration file into a new or a crashed swi...

Страница 97: ...you do not logout and exit the browser the switch will automatically have you logout Besides this manually logout and implicit logout you can set up the parameter of Auto Logout Timer in system config...

Страница 98: ...r C 2 The uplink connection function fails to work 9 The connection ports on another must be connection ports Please check if connection ports are used on the 16 Port GbE Web Smart Switch 9 Please che...

Страница 99: ...ode force mode or auto polling mode Supports Head of Line HOL blocking prevention Supports broadcast storm filtering Web based management provides the ability to completely manage the switch from any...

Страница 100: ...e 10 100Mbps support full or half duplex 1000Mbps support full duplex only Transmission Speed 10 100 1000Mbps for TP 1000Mbps for Fiber Full Forwarding Filtering Packet Rate PPS packets per second For...

Страница 101: ...16 LINK ACT 10 100 1000Mbps 1000M SFP Fiber Port 13 16 SFP LINK ACT Power Requirement AC Line Voltage 100 240 V Frequency 50 60 Hz Consumption 30W Ambient Temperature 0 to 50 C Humidity 5 to 90 Dimens...

Страница 102: ...roup set Trunk Connection VLAN Function Port Base 802 1Q Tagged allowed up to 24 active VLANs in one switch Trunk Function Ports trunk connections allowed Bandwidth Control Supports by port Egress Ing...

Отзывы:

Нет отзывов

Бренды по названию

Популярные бренды

Загрузить еще бренды